8. SMTP Authentication

The feature I consider the highlight of the changes in version 8.10 is SMTP authentication. (Honestly, from a technical standpoint multiple queues may be the bigger highlight, but from where I stand .. --)

While managing hosting servers, nearly all of the questions I received asked why users could not use their own domain as the SMTP server. As those in the know are aware, using the mail server of your own ISP as the SMTP server is the fastest option, but people without the specialist knowledge do not understand this. Yet opening relay to every address range would obviously make the server a target for spammers, so the administrator could only fret. All I could do was lament that sendmail did not support the SMTP authentication that Exchange on NT supports.

Enough of that; let's look at how to use it. If the feature was included at compile time, nothing further is needed for setup. Also, if you installed sendmail-8.10.0-2kr or later from my FTP, it is set up by default, so you can simply use it.

First, let's check whether the smtp auth feature is available on your current SMTP server. The simplest way is to check in sendmail.cf whether the line

{{{
# list of authentication mechanisms
O AuthMechanisms=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
}}}

is uncommented, or whether that line is set at all. From RedHat 7.x on, smtp auth is usually supported, but with the pam authentication method rather than the login method discussed here. This section explains the login method. If you conclude that it is not enabled, follow the steps below.

The following is how to get sendmail auth working when sendmail 8.10 or later is installed and the libsasl or cyrus-sasl package is installed, but sendmail auth does not work.

In /etc/mail there should be a file named sendmail.mc. Add the following to this file.

{{{
dnl # These are the allowed auth mechanisms. To allow relaying for a user
dnl # that uses one of them, you must set TRUST_AUTH_MECH.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl # These are the SMTP auth mechanisms which, if used,
dnl # Sendmail will allow relaying for.
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
}}}

Then regenerate the sendmail.cf file. Note that if sendmail was installed from rpm and you regenerate sendmail.cf from sendmail.mc, the sendmail-cf package must be installed. The modified sendmail.mc looks like the following. It may differ slightly depending on the options used at packaging time.

{{{
[root@oops mail]# cat sendmail.mc
divert(-1)
dnl This is the macro config file used to generate the /etc/sendmail.cf
dnl file. If you modify the file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl
dnl m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl
dnl You will need to have the sendmail-cf package installed for this to
dnl work.
include(`/usr/lib/sendmail-cf/m4/cf.m4')
}}}

Pay attention to the path in the line above. On RH 7.x the m4 file is probably located at /usr/share/sendmail-cf/m4/cf.m4. I do not remember exactly, so please check the path yourself.

{{{
define(`confDEF_USER_ID',``8:12'')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
define(`confAUTO_REBUILD')
dnl #
dnl # These are the allowed auth mechanisms. To allow relaying for a user
dnl # that uses one of them, you must set TRUST_AUTH_MECH.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl # These are the SMTP auth mechanisms which, if used,
dnl # Sendmail will allow relaying for.
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl #
define(`confTO_CONNECT', `1m')
define(`confTRY_NULL_MX_LIST',true)
define(`confDONT_PROBE_INTERFACES',true)
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
dnl Security improvement by disallowing VRFY, EXPN
define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo,novrfy,noexpn')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
MAILER(smtp)
MAILER(procmail)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')
dnl To use multiple queue feature of 8.10.x
define(QUEUE_DIR,`/var/spool/mqueue/q*')
dnl change Statistics file name from statistics to sendmail.st
define(STATUS_FILE, `sendmail.st')
dnl OOPS
[root@oops mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The command above generates a new sendmail.cf.
[root@oops mail]#
}}}

Running the command shown after the sendmail.mc contents above generates a new sendmail.cf. Once again, note that the sendmail-cf package must be installed when you generate sendmail.cf with the m4 command. (This applies, of course, when sendmail is already installed as an rpm package.)

Next, specify the auth method in sasl. sasl will be installed under the name libsasl or cyrus-sasl. If neither of these two packages is installed, sendmail has to be reinstalled from scratch. Run rpm -qal | grep Sendmail.conf to find Sendmail.conf, and insert the following into it.

{{{
pwcheck_method: shadow
}}}

If Sendmail.conf does not exist but the directory /usr/lib/sasl does, create /usr/lib/sasl/Sendmail.conf and put the content above into it. Then restart sendmail.
(If you install the sendmail that I packaged, this setting will be pam rather than shadow. I set it to pam because I added other features. Whether it is shadow or pam makes no great difference.)

Now let's look at how to operate it. To use sendmail as an SMTP server, you normally have to allow RELAY for the relevant address range in /etc/mail/access. If the smtp auth feature is defined, however, no entry in access is needed (this means that no RELAY entry is required; the range must still not be blocked with REJECT in the access file), and only the mail client on the client side has to be configured. Let's look at the settings in Netscape Mailer and Outlook Express.

 * Netscape mailer: In Edit > Preferences > Mail & Newsgroups > Mail Servers, enter the account user in "Outgoing mail server user name" and set the SSL mode to "If Possible". Plain also works. When you then send mail, an authentication window appears; log in there with the account name and account password.
 * Outlook Express 98: In Tools > Accounts > Mail > Properties > Servers > Outgoing mail server, check "Authentication required", click "Settings" next to it, and enter the account ID in the logon information. Do not select "Log on using Secure Password Authentication" ^^; it has to be Plain.

Next, let's briefly check whether the smtp auth feature works properly in sendmail. The text in red (here, ehlo localhost and quit) is what I typed.

{{{
[root@oops mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 oops.org ESMTP Sendmail 8.10.0/8.10.0; Tue, 4 Apr 2000 15:31:05 +0900
ehlo localhost
250-oops.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH LOGIN PLAIN
250 HELP
quit
221 2.0.0 oops.org closing connection
Connection closed by foreign host.
[root@oops etc]#
}}}

If AUTH LOGIN PLAIN appears above (shown in bold white text), it means that login with the Plain method is possible.
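
The manual EHLO check above can be automated. The following is an added example, not code from the original page or from sendmail: it parses the EHLO reply captured in the transcript and reports the advertised AUTH mechanisms, and also whether LOGIN or PLAIN is offered by a server that advertises no STARTTLS, in which case the password can only travel unencrypted. The function names and the result keys are assumptions made for this example.

```python
# Added example (not from the original page): audit an EHLO reply.
# LOGIN and PLAIN carry the password itself, merely base64-encoded.
PASSWORD_EQUIVALENT = {"LOGIN", "PLAIN"}

# EHLO reply copied from the telnet session above.
EHLO_REPLY = """\
250-oops.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH LOGIN PLAIN
250 HELP
"""


def parse_ehlo(reply):
    """Map each advertised extension keyword to its list of parameters."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    extensions = {}
    for line in lines[1:]:  # lines[0] is the greeting, not an extension
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("unexpected line in EHLO reply: %r" % line)
        words = line[4:].upper().split()
        if words:
            extensions.setdefault(words[0], []).extend(words[1:])
    return extensions


def audit_auth(reply):
    """Report AUTH mechanisms and whether passwords must cross in the clear."""
    ext = parse_ehlo(reply)
    mechanisms = ext.get("AUTH", [])
    starttls = "STARTTLS" in ext
    # Without STARTTLS the client has no way to encrypt the session first.
    cleartext_only = [] if starttls else sorted(
        m for m in mechanisms if m in PASSWORD_EQUIVALENT)
    return {"auth_offered": bool(mechanisms), "mechanisms": mechanisms,
            "starttls": starttls, "cleartext_only": cleartext_only}


if __name__ == "__main__":
    print(audit_auth(EHLO_REPLY))
```
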

Of course, the result depends on how sendmail was compiled, so you will not necessarily get exactly the output above, but a line resembling auth must appear in some form.

Now, whether sendmail auth actually works can be tested with the procedure below.

{{{
[root@oops mail]# php -r 'echo base64_encode("user")."\n";'
dXNlcg==
[root@oops mail]# php -r 'echo base64_encode("password")."\n";'
cGFzc3dvcmQ=
[root@oops mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 work.oops.org ESMTP Sendmail 8.12.9/8.12.9; Sat, 23 Aug 2003 01:27:54 +0900
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcg==
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 2.0.0 OK Authenticated
quit
221 2.0.0 work.oops.org closing connection
Connection closed by foreign host.
[root@oops mail]#
}}}

When authenticating with sendmail auth, the user name and password must be given as base64-encoded values. In the procedure above, the php commands at the start obtain the base64 encodings of the user name and the password, and in the session on port 25 the text in red is where the user name and the password are entered. If, after the password has been entered, the message

{{{
235 2.0.0 OK Authenticated
}}}

appears, authentication has succeeded. For other commands that can be used when logging in directly on port 25, see [ here ].

9. SSL + Sendmail

To use the smtp auth feature, sendmail is linked with libsasl and openssl. Thanks to this, packets can be sent encrypted using TLS/TTS. Unfortunately, the mail agents we use most, Outlook and the Netscape mail agent, do not support the encryption provided by libsasl. To encrypt the packets you therefore need the help of another program; the representative ones are sslwrap and stunnel. My homepage presents a way of combining sendmail and ssl using sslwrap. See the [ Secure TCP with SSLWRAP ] lecture in my lecture section.
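
The AUTH LOGIN exchange from section 8, decoded, as an added example that is not part of the original page: it shows that the 334 prompts and the typed replies are plain base64, readable by anyone who can see the session, which is why the SSL wrapping described in section 9 matters whenever LOGIN or PLAIN is used. The function names and the S/C tagging of the session lines are assumptions made for this example.

```python
import base64

# Added example (not from the original page). The session below is copied
# from the AUTH LOGIN transcript in section 8: S = server, C = typed by client.
SESSION = [
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", "dXNlcg=="),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", "cGFzc3dvcmQ="),
    ("S", "235 2.0.0 OK Authenticated"),
]


def encode(text):
    """Same result as the page's php base64_encode() one-liner."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode(token):
    return base64.b64decode(token, validate=True).decode("utf-8", "replace")


def read_auth_login(session):
    """Return everything a reader of the unencrypted session learns."""
    seen = {"prompts": [], "answers": [], "authenticated": False}
    active = False
    for side, line in session:
        if side == "C" and line.upper().startswith("AUTH LOGIN"):
            active = True
            initial = line.split()[2:]  # optional user name on the AUTH line
            seen["answers"].extend(decode(t) for t in initial)
        elif not active:
            continue
        elif side == "S" and line.startswith("334 "):
            seen["prompts"].append(decode(line[4:]))
        elif side == "C" and line != "*":  # "*" cancels the exchange
            seen["answers"].append(decode(line))
        elif side == "S":  # 235 = success, any other final reply = failure
            seen["authenticated"] = line.startswith("235")
            active = False
    return seen


if __name__ == "__main__":
    print(encode("user"), encode("password"))
    print(read_auth_login(SESSION))
```
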